Diffstat (limited to 'keama/tests/alanc/dhcpd.conf.10.252.19.5')
-rw-r--r-- | keama/tests/alanc/dhcpd.conf.10.252.19.5 | 546 |
1 files changed, 0 insertions, 546 deletions
diff --git a/keama/tests/alanc/dhcpd.conf.10.252.19.5 b/keama/tests/alanc/dhcpd.conf.10.252.19.5
deleted file mode 100644
index 71b9a8a4..00000000
--- a/keama/tests/alanc/dhcpd.conf.10.252.19.5
+++ /dev/null
@@ -1,546 +0,0 @@ -################ -# dhcpd.conf # -################ - -# generated by /home/ipadmin/bin/dhcp-gen.pl for DHCP server 10.252.19.5 at Mon Oct 22 04:35:17 CEST 2018 - - - -# global DHCPD statements for all servers -# -authoritative; - -#### Omapi Statements; -omapi-port 7911; -#include "/etc/omapi.key"; -#### End of Omapi Statements; -if substring (option dhcp-client-identifier, 1, 4) = "RAS " { - ignore booting; -} -ignore bootp; - -delayed-ack 28; -check-secs-byte-order on; - -########### Deny unwanted clients ########################### -class "persona-non-grata" { - match substring(hardware,1,6); - log (info,"class match: persona-non-grata"); - deny booting; -} -# subclass "persona-non-grata" d4:c9:ef:50:8d:f9; -############################################################# - - - -#### DDNS #### -ddns-ttl 61; # makes it easier to distinguish -deny client-updates; # Achtung: Default ist DENY! IGNORE laesst den Client updaten!!!! (patch ISC rt16185) -ddns-update-style interim; # Beta 2 Control -update-optimization false; -do-reverse-updates false; # disables reverse mapping activities -ddns-domainname "dhcp.allianz."; -#ddns-rev-domainname "dhcprev.allianz."; - -server-id-check true; -ping-check true; -update-static-leases true; - - -#### JumpStart Params #### -option space SUNW; -option SUNW.root-mount-options code 1 = text; -option SUNW.root-server-ip-address code 2 = ip-address; -option SUNW.root-server-hostname code 3 = text; -option SUNW.root-path-name code 4 = text; -option SUNW.swap-server-ip-address code 5 = ip-address; -option SUNW.swap-file-path code 6 = text; -option SUNW.boot-file-path code 7 = text; -option SUNW.posix-timezone-string code 8 = text; -option SUNW.boot-read-size code 9 = unsigned integer 16; -option SUNW.install-server-ip-address code 10 = ip-address; -option SUNW.install-server-hostname code 11 = text; -option SUNW.install-path code 12 = text; -option SUNW.sysid-config-file-server code 13 = text; -option 
SUNW.JumpStart-server code 14 = text; -option SUNW.terminal-name code 15 = text; - -####### PXE Params ######### -option space PXE; -option PXE.mtftp-ip code 1 = ip-address; -option PXE.mtftp-cport code 2 = unsigned integer 16; -option PXE.mtftp-sport code 3 = unsigned integer 16; -option PXE.mtftp-tmout code 4 = unsigned integer 8; -option PXE.mtftp-delay code 5 = unsigned integer 8; -option PXE.discovery-control code 6 = unsigned integer 8; -option PXE.discovery-mcast-addr code 7 = ip-address; -option PXE.boot-server code 8 = { unsigned integer 16, - unsigned integer 8, - ip-address }; -option PXE.boot-menu code 9 = { unsigned integer 16, - unsigned integer 8, - text}; -option PXE.menu-prompt code 10 = { unsigned integer 8, text }; - -###### Wyse Thin Clients ######## -option space Wyse; -option Wyse.file-uri code 161 = string; -option Wyse.root-path code 162 = string; - -# global default: -option Wyse.root-path "/"; - -class "wyse-clients-avc" { - match if substring (option vendor-class-identifier, 0, 9) = "wyse-1000"; - vendor-option-space Wyse; - #option Wyse.file-uri "https://tc-wyse.allianz.com"; # for fallback... 
- option Wyse.file-uri "https://tc-wyse-e1.srv.allianz:443"; -} - -class "wyse-clients-dev" { - match if substring (option vendor-class-identifier, 0, 9) = "wyse-dev1"; - vendor-option-space Wyse; - option Wyse.file-uri "https://tc-wyse-d-e1.srv.allianz:443"; - option domain-name "rootdom.net"; -} - -class "wyse-clients-int" { - match if substring (option vendor-class-identifier, 0, 9) = "wyse-int1"; - vendor-option-space Wyse; - #option Wyse.file-uri "http://tc-w-i.srv.allianz"; - option Wyse.file-uri "https://tc-wyse-i-e1.srv.allianz:443"; -} - -# TC bug: must contain :80 -class "wyse-clients-avc-perm" { - match if substring (option vendor-class-identifier, 0, 9) = "wyse-1002"; - vendor-option-space Wyse; - #option Wyse.file-uri "https://tc-wyse.allianz.com:443/stage2"; # for fallback - option Wyse.file-uri "https://tc-wyse-e1.srv.allianz:443/stage2"; -} - -class "wyse-clients-dev-perm" { - match if substring (option vendor-class-identifier, 0, 9) = "wyse-dev2"; - vendor-option-space Wyse; - option Wyse.file-uri "https://tc-wyse-d-e1.srv.allianz:443/stage2"; - option domain-name "rootdom.net"; -} - -class "wyse-clients-int-perm" { - match if substring (option vendor-class-identifier, 0, 9) = "wyse-int2"; - vendor-option-space Wyse; - #option Wyse.file-uri "http://tc-w-i.srv.allianz:80/stage2"; - option Wyse.file-uri "https://tc-wyse-i-e1.srv.allianz:443/stage2"; -} - - - -########## other option codes ###### -## warning: site-option-space cisco.tftp-server takes PRECEDENCE! -## BCP: Do NOT use cisco-tftp-server, but make sure clients got matched -## in the site-option-space "cisco". 
-option cisco-tftp-server code 150 = array of ip-address; -## -option vlan-identifier code 169 = string; -option wpad-servers code 252 = string; -option BootControlReply code 128 = string; -option BootControlRedirection code 129 = string; - -option space symantec; -option symantec.sld-preos-locator-server code 128 = ip-address; - -####### Cisco WLAN AP Params ######### -option space CiscoWLAN; -option CiscoWLAN.WLAN1000 code 102 = text; -option CiscoWLAN.WLAN1200 code 241 = ip-address; ## FIXME: may be more than one ip! -option CiscoWLAN.WLC code 241 = array of ip-address; - -##### Cisco WLAN AP Test (markus geller) ##### -class "WLAN-AP-old" { - match if substring (option vendor-class-identifier, 0, 16) = "Airespace.AP1200"; - vendor-option-space CiscoWLAN; - option CiscoWLAN.WLAN1000 "130.70.249.253"; -} - -##### Cisco WLAN AP Test (Christof Chen) ##### -class "WLAN-AP" { - match if substring (option vendor-class-identifier, 0, 8) = "Cisco AP"; - vendor-option-space CiscoWLAN; - #option CiscoWLAN.WLC 192.168.1.1,192.168.1.2; -} - -################ -# Redirect PXE Boot to local Relay Agent -class "pxeclients" { - match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; - # disable PXE proxy for 185.2.0.0/16 DDS Duisburg - #if (substring(leased-address, 0, 2) = b9:02) - #{ - # option vendor-class-identifier "NoPXE"; - #} else { - # option vendor-class-identifier "PXEClient"; - #} - -option vendor-class-identifier "PXEClient"; - - set identified-phase = "PXE"; - - if (client-type = "AVC") { - # test CC 20180302 - #log (info,"match: AVC PXE client, 1201 sec lease"); - min-lease-time 1201; - default-lease-time 1201; - max-lease-time 1801; - - } else { - - # booting PXE Agents should expire REAL soon (the booted OS has often a static IP anyway) - # ISC recommendation: "longer than 122 sec!" 
- min-lease-time 302; # 2 second marker - default-lease-time 302; - max-lease-time 602; - } -} - - - - -### Siemens VOIP Phones #### - -option space SiemensOpti; -option SiemensOpti.VendorName code 1 = text; -option SiemensOpti.VLAN code 2 = unsigned integer 32; -option SiemensOpti.DLSIP code 3 = text; -option SiemensOpti.DLSHost code 4 = text; - -class "siemens-voip" { - match if substring (option vendor-class-identifier, 0, 11) = "OptiIpPhone"; - vendor-option-space SiemensOpti; - option SiemensOpti.VendorName "Siemens"; - #option SiemensOpti.DLSHost "sdlp://dls.voip.allianz:18443"; -} - - -### Avaya VoIP phones ### -option space avaya; -option avaya.config-46xx code 176 = text; #Used by 46xx hardware -option avaya.config-96xx code 242 = text; #Used by 96xx and newer - -class "Avaya-phones" { - match if substring (option vendor-class-identifier, 0, 13) = "ccp.avaya.com"; - #vendor-option-space avaya; # we use site-option-space !!! - site-option-space "avaya"; -} -### Cisco VoIP phones ### -option space cisco; -option cisco.tftp-server code 150 = array of ip-address; - -# -# !!! adding new matches here requires modification of track_vci.pl in variable $vcimatch !!! -# -class "Cisco-phones" { - match if ( - (substring (lcase(option vendor-class-identifier), 0, 28) = lcase("Cisco Systems, Inc. IP Phone")) - or (substring (lcase(option vendor-class-identifier), 0, 27) = lcase("Cisco System, Inc. 
IP Phone")) - or (substring (lcase(option vendor-class-identifier), 0, 19) = lcase("Cisco Systems, Inc.")) - ); - site-option-space "cisco"; - #option cisco.tftp-server 10.240.250.1, 10.240.250.2; -} - - -###### eLuxNG Thin Clients ########## -option space eLuxNG; -option eLuxNG.scoutserver code 222 = text; -option eLuxNG.groupid code 223 = unsigned integer 32; - -class "eLuxNG" { - match if substring (option vendor-class-identifier, 0, 6) = "ELUXNG"; - site-option-space "eLuxNG"; - option eLuxNG.scoutserver "XAIMUCA9.allianzde.rootdom.net."; - -} - - -######### Classless static routes ######## -option classless-routes code 121 = array of unsigned integer 8; -# mask, significant bytes, gw-ip -#classless-routes 24, 192, 168, 47, 192, 168, 0, 25; - - -############################################################################### -#### HP-Druckserver duerfen nicht gepingt werden (Fehler bei Reset) -#### achtung nur fuer ad/ID-loesungen -class "hp-druckserver" { - match if (substring(option host-name, 0, 3) = "NPI"); - ping-check false; - default-lease-time 259200; - min-lease-time 259200; - max-lease-time 259200; -} - -###### -class "windows-installation" { - match if (substring(option host-name, 0, 7) = "minint-"); - min-lease-time 127; # 7 second marker - default-lease-time 1807; - max-lease-time 3607; - ddns-updates off; -} - -class "windows8-installation" { - match if (substring(option host-name, 0, 4) = "win-"); - min-lease-time 129; # 9 second marker - default-lease-time 1809; - max-lease-time 3609; - ddns-updates off; -} - -###### -class "windows-server" { - match if (option host-name ~~ "^(sw|wfra|wmuc|wgb|wath|wams|wzrh|vdub|vavc|vg02u|wber|wham)"); - ignore client-updates; -} - -option space MSFT; -option MSFT.release-on-shutdown code 2 = unsigned integer 32; -option MSFT.default-router-metric-base code 3 = unsigned integer 32; - -###### -class "windows-clients-ad" { - match if (option host-name ~~ "^((b[a-z]-[0-9]{2}-[0-9]{6}))"); - ignore client-updates; 
-} - - -############### DHCP Snooping ####################### -if exists agent.circuit-id -{ - log ( info, concat( "DHCPSNOOP ", binary-to-ascii (10, 8, ".", leased-address), " IF ", - binary-to-ascii (10, 8, "/", suffix ( option agent.circuit-id, 2)), " VLAN ", - binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)), " on ", - binary-to-ascii(16, 8, ":", substring( option agent.remote-id, 2, 6)))); -} - -########### WEP: Austausch der LWL-Karten ########################### -# Sollte bis 30.6.2007 abgeschlossen sein! Christof Chen -# am 12.12.2011 die subclass matchstatements auskommentiert Maik Ryssel -# -class "lwl-clients" { -# migration class for WEP: LWL Replacement - match substring(hardware,1,3); - #log (info,"class match: lwl-client"); - min-lease-time 300; - default-lease-time 1800; - max-lease-time 3600; -} -## subclass "lwl-clients" 00:30:84; -## subclass "lwl-clients" 00:0c:46; -## subclass "lwl-clients" 00:02:8a; -## subclass "lwl-clients" 00:01:03; -## subclass "lwl-clients" 00:04:75; -## subclass "lwl-clients" 00:01:02; -## subclass "lwl-clients" 08:00:27; -## subclass "lwl-clients" 00:09:6b; -## subclass "lwl-clients" 00:50:04; -## subclass "lwl-clients" 00:04:76; -## subclass "lwl-clients" 00:10:4b; -############### ENDE LWL Austausch ######################### - -########### Drucker HP: K5400 Gatewayproblem ########################### -## class "hp-k5400" { - ## Test Gateway fuer Drucker setzen - ## match substring(hardware,1,6); - ## log (info,"class match: hp-k5400"); - ## option dhcp-parameter-request-list 1, 3, 6, 12, 13, 15, 66, 67; - ## option dhcp-parameter-request-list = concat ( option dhcp-parameter-request-list, 03 ); -## } -## subclass "hp-k5400" 00:17:a4:29:8a:4c; -## subclass "hp-k5400" 00:1e:4f:f4:ec:08; -## subclass "hp-k5400" 00:17:a4:25:f9:a6; -## subclass "hp-k5400" 00:1b:78:d7:46:8c; -## subclass "hp-k5400" 00:1b:78:d7:46:b5; -## subclass "hp-k5400" 00:1b:78:a0:d6:96; -## subclass "hp-k5400" 00:1b:78:a0:86:4b; 
-## subclass "hp-k5400" 00:1b:78:a0:f1:9b; -## subclass "hp-k5400" 00:1b:78:a0:e5:88; -## subclass "hp-k5400" 00:1b:78:a0:d6:27; -## subclass "hp-k5400" 00:1b:78:a0:86:56; -############## ENDE Drucker HP: K5400 Gatewayproblem ################### - -########## Kasinoboot systeme ################# -# Sollte bis 31.12.2007 durch AGIS XP Installation abgeloest sein! -## class "kasinoboot" { -## match substring(hardware,1,6); -## #log (info,"class match: kasinoboot"); -## option vendor-encapsulated-options 06:01:07:08:07:ff:f0:01:82:0a:58:0c:09:18:ff:f0:15:50:72:6f:64:61:63:74:61:20:42:6f:6f:74:20:43:6f:6e:74:72:6f:6c:0a:04:00:41:41:41:47:03:00:00:00:ff; -## option BootControlReply "BcReP2"; -## option BootControlRedirection 42:63:53:72:56:82:0a:58:0c:07:d0; -## } - -## subclass "kasinoboot" 00:a0:24:3d:a3:61; -## subclass "kasinoboot" 00:a0:24:4f:b3:14; -## subclass "kasinoboot" 00:a0:24:84:f4:d4; -## subclass "kasinoboot" 00:a0:24:86:d5:17; -## subclass "kasinoboot" 00:a0:24:86:d5:b6; - -############################################ - -############################################################################### -# match: cg123456 cgk12345 bb-12-123456 -class "clients" { -match if (option host-name ~~ "^(c[a-z][a-z0-9][0-9]{5}|c[a-z][0-9]{2}[a-z0-9][0-9]{3}|b[a-z]-[0-9]{2}-[0-9]{6}|vavc|vg02)"); - update-conflict-detection false; -} -############################################################################### - -################ VCI Logging #################################### -if ((exists vendor-class-identifier) and (option dhcp-message-type=3)) -{ - log (info, concat("VCI: ", binary-to-ascii(10, 8, ".", leased-address), " ", concat ( -suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 1, 1))),2),":", -suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 2, 1))),2),":", -suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 3, 1))),2),":", -suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 4, 
1))),2),":", -suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 5, 1))),2),":", -suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 6, 1))),2) -), " ",option vendor-class-identifier)); -} - - -#class "AVC-clients" { -# match if (option vendor-class-identifier = "MSFT 5.0" and substring(lcase(option host-name), 0, 10) = lcase("VG02DI5200")); -# #send fqdn.server-update true; -# #send fqdn.no-client-update true; -# vendor-option-space MSFT; -# option MSFT.release-on-shutdown 1; -# #option MSFT.default-router-metric-base 500; -#} - -#### Controls server behaviour; -default-lease-time 518400; # 6 Tage -min-lease-time 600; # 10 minuten -max-lease-time 518400; # 6 Tage - -adaptive-lease-time-threshold 70 ; - -option domain-name "srv.allianz"; -option domain-name-servers 10.252.18.60,10.252.19.60; - -option ntp-servers 10.252.18.60,10.252.19.60,10.252.17.60; - -option wpad-servers "http://pacfile.allianz/insurance.pac"; - -#include "/etc/dhcp-muc.key"; -zone dhcp.allianz. 
{ primary 10.252.6.85; key dhcp-muc.; } # prepare zone move to E1 DDNS server - -local-address 10.252.19.5; - -########################### -# DHCP Failover Secondary # -########################### - -failover peer "peer-SYD1-SYD2" { # Failover configuration - secondary; # I am the secondary - address 10.252.19.5; # My IP address - port 647; - peer address 10.252.18.5; # Peer's IP address - peer port 647; - max-response-delay 120; - max-unacked-updates 10; - load balance max seconds 5; -} - - -######################################################################## - - -shared-network AP2-DCSYD-VPN-Pool1 { - # uses DHCP Servers: 10.252.18.5 10.252.19.5 - default-lease-time 3600; - option CiscoWLAN.WLC 10.127.164.114 ,10.127.164.115; - - subnet 10.213.96.0 netmask 255.255.240.0 { # ipnetid: 69298901 - option subnet-mask 255.255.240.0; - option routers 10.213.111.254; - pool { # failover - #do-failover; - failover peer "peer-SYD1-SYD2"; - range 10.213.96.25 10.213.103.208; # on server: 10.252.18.5 - range 10.213.103.209 10.213.111.160; # on server: 10.252.19.5 - } - } -} - - -shared-network SYD-Failover-test { - # uses DHCP Servers: 10.252.18.5 10.252.19.5 - option CiscoWLAN.WLC 10.127.164.114 ,10.127.164.115; - - subnet 3.1.10.0 netmask 255.255.255.0 { # ipnetid: 69956011 - option subnet-mask 255.255.255.0; - option routers 3.1.10.1; - pool { # failover - #do-failover; - failover peer "peer-SYD1-SYD2"; - range 3.1.10.10 3.1.10.115; # on server: 10.252.18.5 - range 3.1.10.116 3.1.10.219; # on server: 10.252.19.5 - } - } -} - - -shared-network SYD-SMA-IPSERVICES-1928 { - # uses DHCP Servers: 10.252.1.157 10.252.18.5 10.252.1.164 10.252.19.5 - option ntp-servers 10.252.16.60,10.252.17.60; - option domain-name "ip.allianz"; - option domain-name-servers 10.252.16.60,10.252.17.60; - default-lease-time 3600; - option CiscoWLAN.WLC 10.127.164.114 ,10.127.164.115; - - subnet 10.252.18.0 netmask 255.255.255.0 { # ipnetid: 58255261 - option subnet-mask 255.255.255.0; - option 
routers 10.252.18.1; - # pool { # failover - # #do-failover; - range 10.252.18.200 10.252.18.209; # on server: 10.252.1.157 - range 10.252.18.210 10.252.18.219; # on server: 10.252.1.164 - # } - } -} - - -shared-network SYD-SMA-IPSERVICES-1929 { - # uses DHCP Servers: 10.252.1.157 10.252.18.5 10.252.1.164 10.252.19.5 - option ntp-servers 10.252.16.60,10.252.17.60; - option domain-name "ip.allianz"; - option domain-name-servers 10.252.16.60,10.252.17.60; - default-lease-time 3600; - option CiscoWLAN.WLC 10.127.164.114 ,10.127.164.115; - - subnet 10.252.19.0 netmask 255.255.255.0 { # ipnetid: 58255281 - option subnet-mask 255.255.255.0; - option routers 10.252.19.1; - # pool { # failover - # #do-failover; - range 10.252.19.200 10.252.19.209; # on server: 10.252.1.157 - range 10.252.19.210 10.252.19.219; # on server: 10.252.1.164 - # } - } -} - - -shared-network s7srvhs15--Vlan609 { - # uses DHCP Servers: 10.125.1.5 10.252.3.145 10.252.6.5 10.252.1.157 10.252.14.5 10.252.12.5 10.106.33.114 10.252.15.5 10.252.17.5 10.97.137.241 10.252.8.5 10.106.33.112 10.252.16.5 10.125.1.21 10.252.3.129 10.97.137.242 10.252.9.5 10.106.33.111 10.252.13.5 10.252.1.164 10.252.7.5 10.252.18.5 10.252.19.5 10.106.33.113 - option CiscoWLAN.WLC 10.127.164.114 ,10.127.164.115; - - subnet 10.252.1.48 netmask 255.255.255.248 { # ipnetid: 9334 - option subnet-mask 255.255.255.248; - option routers 10.252.1.49; - # pool { # none - # # explicitly no range in this subnet - # } - } -} - - |